- Reported
-
- Issued
-
- Package
-
actix-web
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
Description
Affected versions contain multiple memory safety issues, such as:
- Unsoundly coercing immutable references to mutable references
- Unsoundly extending lifetimes of strings
- Adding the
Send
marker trait to objects that cannot be safely sent between threads
This may result in a variety of memory corruption scenarios, most likely use-after-free.
A significant refactoring effort has been conducted to resolve these issues.
Advisory available under CC0-1.0
license.